All Products
Search

This Product

    Realtime Compute for Apache Flink:Register a Hive cluster that supports Kerberos authentication

    Document Center

    Realtime Compute for Apache Flink:Register a Hive cluster that supports Kerberos authentication

    Last Updated:Sep 12, 2024

    After you register information about a Hive cluster that supports Kerberos authentication in the Realtime Compute for Apache Flink console, Realtime Compute for Apache Flink deployments can access the Hive cluster. This topic describes how to register a Hive cluster that supports Kerberos authentication.

    Background information

    Kerberos is a computer-network authentication protocol that is used for identity authentication to ensure the security of communication. If your Realtime Compute for Apache Flink deployment needs to access a Hive cluster that supports Kerberos authentication, you must register the Hive cluster in the Realtime Compute for Apache Flink console and specify the Hive cluster information in the Realtime Compute for Apache Flink deployment.

    Limits

    • Only Hive clusters of Hadoop 2.x and Hadoop 3.x that support Kerberos authentication are supported.

      Note

      Only Realtime Compute for Apache Flink that uses Ververica Runtime (VVR) 8.0.7 or later supports Hadoop 2.x.

    • You can register only one Hive cluster that supports Kerberos authentication in a workspace.

    • SQL deployments cannot access the Hive cluster that supports Kerberos authentication.

    Precautions

    If you no longer require a Hive cluster that supports Kerberos authentication, you can delete the cluster to disassociate the cluster from Realtime Compute for Apache Flink. If you disassociate a Hive cluster that supports Kerberos authentication from a Realtime Compute for Apache Flink workspace, the deployments that use the Kerberos service in all namespaces of the workspace fail to run. Proceed with caution when you perform this operation.

    Procedure

    1. Go to the page for registering information about a Hive cluster that supports Kerberos authentication.

      1. Log on to the Realtime Compute for Apache Flink console.

      2. find the workspace that you want to manage and click Console in the Actions column.

      3. In the left-side navigation pane, click Security > Security.

    2. On the Security page, click the Hive Kerberos tab. On the Hive Kerberos tab, click Add Kerberos.

    3. In the Add Kerberos dialog box, configure the parameters. The following table describes the parameters.

      Parameter

      Description

      Kerberos Name

      Enter the name of the Hive cluster that supports Kerberos authentication.

      Kerberos Keytab

      Keytab is a file that contains principals and encrypted principal keys. You can access the Keytab file to pass Kerberos authentication as a principal.

      Enter the path of the Keytab file of Kerberos. You can click the image..png button on the right side of the Kerberos Keytab parameter to upload the required file. Then, you can select the file that you upload.

      Kerberos Krb5.conf

      Krb5.conf is a configuration file in the Kerberos authentication environment. The file is used to specify the connection mode and security parameters between Kerberos clients and servers. The file is also used to specify the locations of Kerberos components.

      Enter the path of the Krb5.conf file of Kerberos. You can click the image..png button on the right side of the Kerberos Krb5.conf parameter to upload the required file. Then, you can select the file that you upload.

    4. Click OK.

      If you no longer require a Hive cluster that supports Kerberos authentication, find the cluster and click Delete in the Actions column to disassociate the cluster from Realtime Compute for Apache Flink.